NTLMSSP auth header

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Apr 2 18:43:17 GMT 1998


On Thu, 2 Apr 1998, Jeremy Allison wrote:

> Luke,
> 
> 	Looking at the NTLMSSP auth header for your DCE
> code, I think I know what the format of this should be,
> as I have implemented it for Whistle's IMAP server
> (MS outlook express uses this header, encoded in base64
> into an ascii stream, to do IMAP authentication).

 
> This is the protocol that Dave Thompson of MS promised
> to me over a year ago at the MS PDC in Long Beach would
> be documented, of course it never has been :-(.

and paul leach also mentioned that he is trying to get the various bods to
consider releasing NTLMSSP documentation for public review, too.
 
> It is the key to talking authenticated to MS active
> directory (LDAP server etc.), as well as their 'secure'
> Web administration protocol over HTTP.
> 
> The protocol looks like (this is a snapshot from a
> Windows 95 - to NT IMAP conversation - as such no
> UNICODE is used, the unknown flags fields may
> specify if UNICODE is to be used instead). :

[cut boring bits of protocol stuff with interesting comments]

jeremy, do you _happen_ to know what then occurs if you negotiate "encrypt
data"?  note the "authentication verifier" at the end.  paul ashton
reckons that there is an rc4 key kicking about that decrypts the packet...

luke



More information about the samba-technical mailing list